Beginner

Access Control List

Hello Everyone!

 

Is there a one-liner I can create for this ACL:

The source IPs are all the same and the destination IPs are also the same.

 

access-list 187 permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq 5938
access-list 187 permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq 7710
access-list 187 permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq 3310
access-list 187 permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq 2310
access-list 187 permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq 3870
access-list 187 permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq 2342

 

Thanks!

2 ACCEPTED SOLUTIONS

VIP Mentor

Re: Access Control List

Hello
If your software supports it then you could try a service object group and tie that into a single extended acl.

object-group service tcp_ports
tcp eq 5938
tcp eq 7710
tcp eq 3310
tcp eq 2310
tcp eq 3870
tcp eq 2342

ip access-list extended 187
permit object-group tcp_ports 10.30.0.0 0.0.255.255 host 10.10.77.10

int x/x
ip access-group 187 in/out



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future


VIP Mentor

Re: Access Control List

Hello,

 

A named access list lets you put in multiple values:

 

ip access-list extended TCP_PORTS
permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq 2310 2342 3310 3870 5938 7710


5 REPLIES 5
Beginner

Re: Access Control List

Hi Paul,
Thanks for your help, I will definitely use this solution. Also, is there an object group for IPs?
Thanks, Alfred
VIP Mentor

Re: Access Control List

Hello


@dacruzer1 wrote:
Hi Paul,
Thanks for your help, I will definitely use this solution. Also, is there an object group for IPs?
Thanks, Alfred

Glad it assisted you, yes there is

object-group network <name>
range 192.168.1.0 192.168.1.254  < ip range

192.168.1.0 255.255.255.0 <  ip subnet
host 192.168.1.1 < ip host

group-object  xxx < nested group object

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Beginner

Re: Access Control List

Thanks George! I appreciate your help.
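
The consolidation discussed in this thread, as an added example that is not part of any post: a Python check that collapses the question's six numbered entries into the multi-port named-ACL form and confirms the permitted set is unchanged. It goes slightly beyond the thread by merging only adjacent entries with the same action, so first-match ordering is preserved; the function names and the `max_ports` default of 10 are assumptions to confirm against your software release.

```python
import re

# Constructed sample input: the six numbered entries from the question.
ORIGINAL = "\n".join(
    f"access-list 187 permit tcp 10.30.0.0 0.0.255.255 host 10.10.77.10 eq {p}"
    for p in (5938, 7710, 3310, 2310, 3870, 2342)
)
ADDR = r"(?:any|host\s+\S+|\S+\s+\S+)"
ACE = re.compile(
    rf"^access-list\s+\d+\s+(?P<action>permit|deny)\s+(?P<proto>tcp|udp)\s+"
    rf"(?P<src>{ADDR})\s+(?P<dst>{ADDR})\s+eq\s+(?P<port>\d+)$"
)

def parse(text):
    """Return [(key, port)] in ACL order; key = (action, proto, src, dst)."""
    entries = []
    for raw in filter(str.strip, text.splitlines()):
        m = ACE.match(" ".join(raw.split()))
        if m is None:  # ranges, 'established', 'log' etc. are out of scope here
            raise ValueError(f"unsupported entry, review by hand: {raw!r}")
        entries.append(((m["action"], m["proto"], m["src"], m["dst"]), int(m["port"])))
    return entries

def consolidate(entries, max_ports=10):  # 10 is an assumed per-entry limit
    """Merge only adjacent entries with the same key, so first-match order holds."""
    merged = []
    for key, port in entries:
        last = merged[-1] if merged else None
        if last and last[0] == key and (port in last[1] or len(last[1]) < max_ports):
            if port not in last[1]:
                last[1].append(port)
        else:
            merged.append((key, [port]))
    return merged

def render(merged, name):  # one multi-port 'eq' entry per merged group
    out = [f"ip access-list extended {name}"]
    for (action, proto, src, dst), ports in merged:
        out.append(f" {action} {proto} {src} {dst} eq {' '.join(map(str, sorted(ports)))}")
    return out

def expand(merged):  # flatten back to (key, port) pairs for an equivalence check
    return {(key, p) for key, ports in merged for p in ports}

if __name__ == "__main__":
    entries = parse(ORIGINAL)
    merged = consolidate(entries)
    assert expand(merged) == set(entries), "consolidated ACL changed the permitted set"
    print("\n".join(render(merged, "TCP_PORTS")))
```

Entries the parser does not recognise raise an error instead of being silently dropped, so a rule is never lost during consolidation.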